ml-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `pickle.load` and `joblib.load` (e.g., in `references/pipeline-orchestration.md` and `references/training-pipelines.md`) to deserialize model artifacts. While standard in ML workflows, these methods are inherently insecure if the artifacts are sourced from untrusted remote locations (like public S3 buckets), as they can be leveraged to execute arbitrary code.
- [EXTERNAL_DOWNLOADS]: The skill relies on and integrates with numerous external MLOps platforms and cloud services, including MLflow, Weights & Biases, Feast, Google Cloud Storage, and AWS S3. It also specifies the installation of various Python dependencies within containerized pipeline components.
- [PROMPT_INJECTION]: The skill defines complex data ingestion points where it reads from external files (CSV, Parquet) and stores them in dataframes for processing. This creates a surface for indirect prompt injection if the processed data is later interpolated into LLM prompts without sanitization, though no such interpolation is explicitly defined in the provided templates.
Audit Metadata